[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 09/156: When doing SSLVerifyCert require then we need to always require the certificate to match what OpenSSL does.

[Timo Aaltonen]

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 77042d50c8c2aee91d67186363eeba03d657ecb9
Author: rcritten <>
Date:   Tue May 24 21:23:36 2005 +0000

    When doing SSLVerifyCert require then we need to always require the
    certificate to match what OpenSSL does.
---
 nss_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nss_engine_init.c b/nss_engine_init.c
index db98fa3..b2d2c14 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -456,7 +456,7 @@ static void ssl_init_ctx_verify(server_rec *s,
 {
     if (mctx->auth.verify_mode == SSL_CVERIFY_REQUIRE) {
         SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-        SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR);
+        SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS);
     } else if (mctx->auth.verify_mode == SSL_CVERIFY_OPTIONAL) {
         SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE);
         SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git